I'm thinking about whether I should move from the ecryptfs $HOME encryption to full-disk encryption. What is the most recommended tool I can use for this full-disk encryption, and what is the best tutorial available on how to migrate from ecryptfs? Free and open source is a big plus.

I know those are technically two questions, but the 1st question is just an opening to the 2nd.

1 Answer

My recommendation would be to back up all of your data and re-install Ubuntu using the alternate DVD and select LVM Encryption. This will encrypt all of the contents of all of the partitions that are part of your LVM. You will be required to enter your passphrase before the system is booted, so once your system is in that state, it is no longer encrypted.

I would then supplement this with the use of TrueCrypt for encrypting the contents while the system is fully booted. I'm including a link to an Ubuntu community document that outlines how to install it, and it should guide you to its basic use.

So why am I recommending two encryption solutions?

LVM Encryption - This will protect your system from theft if the machine is lost or stolen while in a powered off state.

TrueCrypt - This will protect your data while the machine is powered on.

*Caution: As soon as you decrypt any of the filesystems by mounting them, they are at that point in cleartext. There is no way around this, and you still need to exercise good security practices such as least privilege, strong passwords, firewall rules, etc.*